#hack100days Day96: More watching Practical Web Application Security and Testing from academy.tcm-sec.com. Might poke at another HtB box before day is done. #infosec #cososec

#hack100days Day95: Finished of HtB Health. Glad to have worked with a team. For an "easy" box, that felt far from it. Now to watch some web app hacking videos. #infosec #cososec

#hack100days Day94: Forgot to log yesterday’s activity. Worked on HtB Health with some folks. Worked on python scripting skills. #infosec #cososec

#hack100days Day93: No hands on keyboard hacking today. Read up on Active Directory to refresh and rebuild mental model of what it looks like on a network. #infosec #cososec

#hack100days Day92: Today was not as productive as the past two. Did get in some time on alh4zr3d’s stream as he worked on a Try Hack Me box. Couple of tools referenced there look interesting. #infosec #cososec

Hah! It bums out on 'whoami <forward slash>priv'. Probably a "Nuke attempts at command injection" thing.

Weird. I had /priv in the original version of Day91 post, wonder if that created a problem. I reworded to eliminate the forward slash and was able to post.

#hack100days Day91: Kept banging on 'return' off and on through the day. Some guidance, based on the results of whoami with priv flag, didn't work as expected. Spun up neo4j and bolt on my infra box for BloodHound. Listened in on mtaggart stream and learned a bit about Content-Security-Policy. #infosec #cososec

Post is not broke, confirmed.

Tried continuing a thread, but the post isn't working. Is there a limit to how long threads can be or is post broke?

#hack100days Day90: Took a crack at Hack the Box machine return. I love evil-winrm. Got user pretty quick. Working on priv esc. Should put it away tonight. #infosec #cososec

#hack100days Day89: Took a crack at an Offsec Proving Grounds box. Learned more how to deal with open proxies. (Wish I'd known how to do this a couple of years ago.) #infosec #cososec

#hack100days Day87: Revisited Ubuntu Multipass and toolbox to run impacket, etc. from. Poked at academy.htb #infosec #cososec

#hack100days Day86: spent day off and on working on getting parrot and kali 2023 on hyper-v. Not an awesome experience.

Turns out they played like Norwich...

Come on you Bees! (The Man U uniforms make ‘em look like Norwich.)

#hack100days Day85: D’oh. Forgot to record yesterday. Worked on HtB Blackfield. I’m really liking CrackMapExec. Refreshed the Impacket brain wrinkles. #infosec #cososec

PSA for all the VARs and consultancies out there. When submitting an RFP response or a proposal, please make sure the grammar is right. It's distracting if it's wrong. Also, if you're re-using a proposal from another customer, please remove references to the other customer.

#hack100days Day85: Banged on academy.htb. Wordlists matter. Grr. #infosec #cososec

#hack100days Day84: Poked at a box on another platform. Looks like BlueKeep is the way in, but metasploit module is for x64 and the target is x86. Found a PoC for x86, but I'm fighting python module dependencies. I need to get better at venv, I guess. Then the clock ran out, so I can't pick at it until tomorrow. #infosec #cososec